Configure TLS Strong Encryption

You can configure TLS strong encryption for LCE-client communications to meet the security needs of your organization. LCE uses TLS 1.2 to encrypt LCE-client communications. For more information about LCE encryption, see Encryption Strength.

To configure TLS strong encryption for LCE communications:

  1. Log in to LCE via the command line interface (CLI).

  2. In the CLI in LCE, run the following command to specify the cipher you want to use for TLS encryption:

    source /opt/lce/tools/exigent-sessions.bashrc

    undoc-config --set lced cryptSyslog_ciphersuiteSelector <cipher you want to use for TLS encryption>

    For example:

    source /opt/lce/tools/exigent-sessions.bashrc

    undoc-config --set lced cryptSyslog_ciphersuiteSelector ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-GCM-SHA384

  3. Run the following command to restart all LCE daemons:

    restart-all bar-pg

    All LCE daemons restart.